JISTEM - Journal of Information Systems and Technology Management

Revista de Gestão da Tecnologia e Sistemas de Informação
Vol. 10, No. 2, May/Aug., 2013 pp.219-234
ISSN online: 1807-1775
DOI: 10.4301/S1807-17752013000200002

Patricia Pérez Lorences
Lourdes Francisca García Ávila
Central University "Marta Abreu" from Las Villas, Santa Clara, Cuba
The present article aims to propose a general procedure to evaluate and improve
the Information Technology (IT) Governance in an organization, considering the
Business–IT alignment and risk management. The procedure integrates
management tools such as business processes management, risk management,
strategic alignment and the balanced scorecard. Additionally, to assess the IT
Governance level we proposed an indicator based on the process maturity. The
concepts and ideas presented here had been applied in four case studies, verifying
their implementation feasibility. The results indicate a low level of IT governance
and the existence of several problems primarily in the Plan and Organize and
Monitor and Evaluate domains.
Keywords: IT Governance, IT Management, IT Strategic Alignment, IT Risk
Management, IT Governance Assess, IT Governance Improvement

Information technologies (IT) have revolutionized the business world
irrevocably and in the context of the information age companies increase their IT
investments, becoming a major competitive component for companies (Dehning, Dow,
& Stratopoulos, 2004). Specific studies have shown empirically: the positive
relationship between corporate profitability and the use of IT in business processes
(Piñeiro Sánchez, 2006); the elevation of the productivity (Neirotti & Paolucci, 2007),
the improvement in the performance of processes inducing elevation enterprise
performance (Prasad & Heales, 2010), and the improvement in the performance of
services (Roberto Giao, Mendes Borini, & Oliveira Júnior, 2010).
The implementation of these resources is not enough to obtain the expected uses
of IT. These resources only offer a potential that the company should develop and adapt
Manuscript first received/Recebido em 31/01/2012 Manuscript accepted/Aprovado em: 10/04/2013
Address for correspondence / Endereço para correspondência
Patricia Pérez Lorences, Industrial Engineer, Master in Business Informatics (MBI) Assistant professor of Business
Informatics Group. Industrial Engineering Department Central University "Marta Abreu" from Las Villas, Santa
Clara, Cuba. E-mail : patriciapl@uclv.edu.cu
Lourdes Francisca García Ávila, Industrial Engineer, PhD in Technical Sciences, Consultant professor of Business
Informatics Group. Industrial Engineering Department , Central University "Marta Abreu" from Las Villas, Santa
Clara, Cuba. E-mail : Lourdes@uclv.edu.cu
Published by/ Publicado por: TECSI FEA USP – 2013 All rights reserved.

and conclusions are described in section 5. The objective of the study reported in this paper was to develop a general procedure to assess and improve IT Governance in an organization. Becker. P. 2010) shows that the influence of IT on the future profits of the company depends on various contextual factors such as quality of management and strategic alignment. 219-234 www. it is a fact that the vast majority (92%) of respondents are aware of the problems with the use of these resources and the need to take action in this regard. Management efforts to sustain high levels of IT capability translate into sustainable competitive advantages (Huan. In 2008 (ITGI. & Macada. Caravalho. however. 2000). pp. 2007) that companies show a successful return on IT investment. 2006). which have positive effects on organizational performance.220 Pérez Lorences. (Masli. to ensure maximum benefits and management of the associated risks. a study of more than 400 Brazilian companies showed that companies that adopt IT governance mechanisms have an improvement in their financial performance. 36% of the respondents indicated that the alignment between IT strategy and corporate is bad or very bad. L. The research reflects the importance of how IT continues to grow and has significantly increased interest in adoption and implementation of best practices. & Lin. 2009) and 2010 (ITGI. The evaluation and improvement of IT governance is extremely important because it allows companies to control if they are really making effective management of their IT. Ou. García Ávila. Then 38% of the respondents said the lack of IT staff skills is another problem. have better IT management practices that allow them to adapt their organizational routines to meet business needs. & Smith. JISTEM. reflected by 48%. Investigations in hundreds of companies around the world have revealed a trend toward the increased maturity level in the area of IT in organizations. These results confirm the relevance and importance of having tools to improve governance of these resources. 2011) the IT Governance Institute implemented a comprehensive study in organizations of various sectors in 23 countries representing all continents. (Bharadwaj. Similarly. The second problem. there is a lot left for improvement. people are the most critical problem. 2012). 2011). The main results of the case studies are analyzed in section 4.May/Aug 2013. P.2. but there are still many incidents.usp. Brazil Vol. Shimizu.jistem. it was found that communication between IT and users is improving. No. under the conditions and requirements imposed by today's business environment and prospects. Liu. considering the Business–IT alignment and risk management. While security and compliance are important elements mentioned. 10.br . but slowly. Neirotti and Paolucci prove with their study (Neirotti & Paolucci. 2011) that the planning and management of IT influence the allocation of human resources and IT. some concepts of IT governance are recapitulated in section 2 and the propose procedure is presented in Section 3. to their specific business context. Although the gap is significant for improving the alignment with the business strategy. Based on the results of the study. & Chan. Chen. & Rabechini Junior. 2008) y (Yao. F. Sanchez. primarily in relation to profitability (Lunardi. Moreover. 58% of respondents considered insufficient the number of IT people in their organizations. Hence. enterprises need help to raise the level of IT governance. & Richardson. It is essential to have a clear strategic vision of the role of IT in business (Laurindo. There is empirical evidence (Bulchand-Gidumal & Melián-González. refers to the incidents relating to the provision of services. using management skills. Hunter. In this paper. Richardson. Other research (Kobelsky. which is the main problem presented. 2001).fea.

the most mentioned are: ITIL (Commerce. 2010). Among these. and organizational structures and processes that ensure that the organization's IT sustains and extends the organization's strategies and objectives (ITGI. The scope of IT governance are not single decisions themselves but the determination which decisions need to be made. (Van Bon.The evaluation and improvement of IT governance 221 2 LITERATURE REVIEW Information technology (IT) has become pervasive in current dynamic and often turbulent business environments. ISO27000 (ISO. standards. who can contribute to the decisionmaking processes and who is eventually eligible to make the decision.usp. (Wim Van Grembergen & De Haes.jistem. IT governance addresses the definition and implementation of processes.fea. COBIT provides tools to assess and measure the performance of 34 IT processes of an organization (ITGI. No.br . & P. 2012) referred to information security and IT BSC (W. (Peterson. 2009). 2007). Brazil Vol. JISTEM. This IT-business alignment will ensure that organizations continue to achieve their strategies and goals. but also to shape new strategies. In this sense. but only an explicitly designed one is able to align IT effectively and efficiently to the goals of the company. 2008). While in the past. 2009). business executives could delegate.g. (Wim Van Grembergen. One special aspect of IT governance is that it considers the interests of all stakeholders and ensures that processes provide measurable results. De Haes. Multiple researchers share the same view of IT Governance (e. pp. COBIT framework has an integration nature. and ethical obligations in respect of their organizations' use of IT. IT governance specifies the decision rights and accountability framework to encourage desirable behavior in the use of IT (Peter & J. This behavior relates to the form of the leadership. This major IT dependency implies a huge vulnerability that is inherently present in IT environments. and implement ways to evaluate its performance. The Control Objectives for Information and related Technology (COBIT) is an approach to standardize good information technology security and control practices. Van Grembergen. provides a framework for effective governance of IT to assist those at the highest level of the organizations (Standardization. 2004). with the involvement of all levels of management (Prasad. but also an opportunity to differentiate and to achieve competitive advantage. corporate governance of information technology. responding adequately to the governance of IT and its alignment with business objectives.May/Aug 2013. 2008)) IT governance essentially places structure around how organizations´ IT strategy aligns with business strategy. Heales. 2011) which address IT service management. 2004). IT becomes not only a success factor for survival and prosperity. In recent years. In this mindset. & Guldentops. 219-234 www. This situation is possible with lateral IT governance structures. 2011) and ISO/IEC20000 (ISO. 2004). this is now impossible in most sectors and industries. regulatory. 10. 2009). frameworks. 2000) as an adaptation of the BSC to the IT environment. IT of course has the potential not only to support existing business strategies. The ISO/IEC 38500:2008. The standard assists top management to understand their legal. and best practices addressing different aspects of IT management and governance have emerged and matured. ignore or avoid IT decisions. every company has IT governance.2. structures and relational mechanisms in the organization that enable both business and IT people to execute their responsibilities in support of business/IT alignment and the creation of business value from IT-enabled business investments (Wim Van Grembergen & De Haes.

3 PROCEDURE TO EVALUATE AND IMPROVE THE IT GOVERNANCE The proposed procedure was divided into four phases as shown in figure 1 to ensure the cycle of continuous improvement for IT governance. No. pp.jistem. P. it was necessary to develop a method. F. 1. and they could be used as a support for its assessment and improvement. Fig. from the results of the previous phase. In the fourth stage we propose a specific procedure to analyze IT risk management. The third stage is dedicated to analyzing the alignment of IT resources to the business objectives of the organization. Therefore. Already in the third phase. the Design of the IT governance process is carried out. Brazil Vol. we proceed to execute the process designed. García Ávila.222 Pérez Lorences.usp. This phase ends with the design of the To-Be process. The maturity diagnosis takes place at the sixth stage and the calculation of a comprehensive indicator of IT governance that characterizes the current state of the organization take place in stage 7. depending on the assessment (stage 8). The JISTEM. which allows the identification of opportunities for improvement in the process. organizations can follow a few supporting mechanisms to guide their implementation of IT governance.May/Aug 2013. Because of its importance as a reflection of the actions of IT management. whcih let you get an assessment of risks in the organization. integrating all the IT governance´s aspects with a strategic approach. including its modeling and the approval of the suggestion. Searching the literature. It begins with modeling and analysis of the As-Is process in stage 9. 219-234 www. This phase of the procedure culminates with the proposal of improvement actions. Procedure to evaluate and improve the IT governance The first phase is dedicated to the Evaluation of the current state of IT governance in the organization.fea. In the second phase.br . defined under the BPM approach. 10.2. Implementation. stage five is characterized by employee level of satisfaction with IT services and resources. P. Stages 10 and 11 describe in detail the selection and design of the sub-processes. proposing a set of tools to carry out this assessment. L. It begins with the conformation of the team and the second stage proceeds with the general characterization of the organization.

into: Strong. implement. infrastructure and staff. Carry out an inventory of IT resources of the organization The folowing should be identified: the applications. To do that. It includes: Definition of the team structure. which should. acquire. Stage 3: Analysis of IT resources and alignment to business objectives At this stage we will analyze the impact of IT in achieving business goals and current conditions of the company to meet these requirements.usp. based on the principles of IT BSC. We propose an inventory model that is a format table useful to organize the information for categories and its impact classification. To monitor the achievement of the procedure objectives a final stage dedicated to the recalculation of the proposed indicator is included. organize. determination of members quantity and selection of the personnel.The evaluation and improvement of IT governance 223 general procedure ends with a Control phase which is the "engine" of continuous improvement. appreciate the value of information technology to achieve their business objectives. 219-234 www. No. II. Stage 2: General description of the organization This second stage corresponds to the general characterization of the organization under study. Medium or Weak. because depending on the results.br . it might involve a return to earlier stages. considering the current and potential importance of IT resources. deliver. we design an algorithm as shown in Figure 2.1 Phase 1: IT Governance Evaluation Stage 1: Conformation of the team The first stage is aimed at the conformation of the team. 3. monitor and evaluate the systems and information services. which will feature the full implementation of the procedure. Brazil Vol. JISTEM. support. which are required to plan.2. We propose the calculation of indicators to monitor the sub-processes implemented and we designed a generic scorecard as a tool management control of IT. assignment of responsibilities and tasks. 10. and it must be redefined by the organization.jistem. and its ease of replacement.May/Aug 2013.in particular. and the training of staff. pp.fea. Classify the IT resources in terms of their impact on business From the inventory of IT resources in the organization we proceed to classify them individually. which also includes situation analysis and ends with the proposal of improvement measures. It includes: Description of the organization general data. It includes the following steps: I. and identification of the objectives and business processes. according to their impact on the business.

2004). P. Fig. infrastructure and staff)on the business and the global impact of all resources.jistem. which is not specific for IT. The proposed matrix is useful to analyze the alignment and possible strategies to follow. 2002) defines a set of measures that assess: the business process degree of automation. To support this analysis the matrix shown in Figure 3 was developed. the support degree of information systems and the support degree of information systems on-line. the IT strategic grid to examine the strategic role of IT McFarlan and McKenney (MacFarlan & macKenney.2. 1991). García Ávila. 1983) and Matrix Technology Management (Edwards & Bytheway. (Jiménez Quintana. 219-234 www.May/Aug 2013. We used these bases and our empirical experience to define a qualitative scale for the degree of dependence on IT in three levels: Strong. Evaluate business processes according to their degree of dependence on IT The literature offers few precedents where it is allowed to establish the dependence on IT from a business process to be classified into one scale. Little (Little. 2000) modify that propose. III.usp.224 Pérez Lorences.br . Analyze the correlation between IT resources and requirements of the organization based on business objectives Once there is the classification of IT resources according to their impact on the business and evaluation of business processes according to their degree of dependence on IT. 2. 1981) establishes one scale to assess the technological position in an enterprise and (Brito Viñas. 10. It is based primarily on the following elements: Strategic Alignment Model (Luftman. we proposed a set of indices useful to determine the impact of each type of IT resource (applications. in this step we analyze the alignment between the two aspects. JISTEM.fea. IV. L. Brazil Vol. Medium or Weak. pp. No. Algorithm to classify the IT resources in terms of its impact on business Once each one is classified. but in both cases it is a breadth scale. F. P.

we propose a specific procedure.2.usp. 3. Identify vulnerabilities • Are vulnerabilities identified? 4. No. Determine probability level • Is the likelihood of a threat to act on a determined vulnerability. 10.br . Matrix (dependence on business processes / impact of IT resources). pp. Identify threats • Are threats identified? 3. Analyze impact • Have you analyzed the impacts of a threat to act on vulnerability? 7. Document results JISTEM. considering existing controls? 6.fea.May/Aug 2013. 219-234 www. Analyze controls • Which controls are implemented? 5.jistem. Determine risk level • Have you determined the risk levels? 8. Brazil Vol. alignment analysis Stage 4: Analysis of IT risks and their management At this stage we analyze the management of IT risks in the enterprise.The evaluation and improvement of IT governance 225 STRONG STRONG MEDIUM WEAK Alignment Misalignment Non-Alignment Maintain / Improve IT Assess Investment Execute Governance projects / Cost-Benefit projects analysis analysis MEDIUM Misalignment Alignment / Investment Cost-Benefit Non-Alignment Innovation in IT / Maintain / Improve IT Assess Investment projects Identify opportunities Governance / Cost-Benefit analysis offered by IT resources for business Non-Alignment WEAK Dependence on IT of business process Impact of IT resources on business objectives Identify improvements Non-Alignment Alignment process Assess process Improve process / Identify improvements / Use IT opportunities offered by IT potentialities resources for business Fig. For this. Recommend controls 9. Establish the strategic context of risk • Are critical IT resources identified? 2. structured in nine steps as shown: 1.

pp. Stage 6: Making the maturity diagnosis of the IT control objectives The first step of this stage is to define the domains and control objectives to diagnose.fea. enabling the analysis of IT risk management.2. Stage 5: Characterization of employee satisfaction with the resources and IT services The special importance of employee satisfaction with IT resources and services motivated the inclusion of this stage in the diagnostic procedure. for which we propose an indicator to evaluate the level of IT Governance (IGTI).226 Pérez Lorences. Brazil Vol. The content and tools of each step. provide the necessary elements to answer the question proposed. P.jistem. Stage 7: Assessment of IT governance in the organization At this stage we assess IT governance in the organization. Then we proceed with the collection. IT staff and services. Determination of the relative importance of domains and control objectives II. The equations and model evaluation were developed by the authors considering the maturity level of each control objective and the assumption that these control objectives do not have the same importance in the enterprise.usp. 219-234 www. Assessment of the domains and control objectives We propose the assessment of each control objective through the following expression: EOCdg  EOCdg Wdg Wdg xNM dg 5 (1) : Assessment of the control objective “d” of the domain “g” : Weight (relative importance) of the control objective “d” of the domain “g” NM dg : Maturity level of the control objective “d” of the domain “g” The sum of the assessments of the control objectives gives the domain result mg RDg   EOCdg d 1 RDg (2) : Result of the domain “g” The evaluation of each domain is calculated using the following expression: EDg  Wg  RDg  100 EDg Wg (3) : Evaluation of the domain “g” : Weight of the domain “g” JISTEM. 10. The steps to develop this stage are: I. which must be adapted by the team considering elements to be added or removed depending on the characteristics of the organization. No. A general proposal was made starting from COBIT 4. verification and analysis of information to determine the maturity level of each control objective according to the maturity models defined by COBIT.1 framework. P. A survey was designed to characterize employee satisfaction with infrastructure.May/Aug 2013. L. applications.br . guidance for the implementation of the diagnonis to obtain the risks. García Ávila. and on the other hand. F.

The determination of intervals was made using the simulation of results. Preparation of evaluation report From the results obtained in the previous stages. JISTEM. Graphical representation of results The indicator to evaluate the level of IT Governance (IGTI) is calculated as shown: 4 I GTI   EDg g 1 (4) We define the scale for assessment of IT Governance from Non-existent level to Optimized.br . 219-234 www.usp. this step is required to produce a report which includes assessing: the analysis of IT resources and alignment to business objectives.jistem. 4. as shown in table 1 considering the maturity levels proposed in COBIT. using control radars and Cause-Effect graphics like shown in figure 4. The main problems affecting IT governance in the organization should be noted. Table 1. No. the analysis of the characterization of employee satisfaction. Determination of indicator IGTI.2. 10.fea.The evaluation and improvement of IT governance 227 III. Brazil Vol. using control radars and Cause-Effect graphics IV. Graphical representation of results. and a list of domains and control objectives that reflected greater difficulty. pp. analysis of IT risk management.May/Aug 2013. We propose a graphical representation of results. Scale for assessment of IT Governance Intervals IGTI (%) IT Governance Assessment (95≤ IGTI ≤100) Level 5: Optimized (75≤ IGTI <95) Level 4: Managed (55≤ IGTI <75) Level 3: Defined (35≤ IGTI < 55) Level 2: Repeatable (15≤ IGTI < 35) Level 1: Initial/Ad Hoc (IGTI< 15) Level 0: Non-existent PLAN AND ORGANISE ACQUIRE AND IMPLEMENT IT GOVERNANCE LEVEL DELIVER AND SUPPORT MONITOR AND EVALUATE Fig.

as applicable. The team should define the notation and the tool to use for modeling. Informed). Stage 10: Determination of required sub-processes At this stage the analysis includes: COBIT processes that are pertinent or not in the organization and what processes are required in correspondence with the characteristics of the organization. No. Accountable. Stage 9: Modeling and analysis of As-Is process At this stage we model the IT governance process that currently exists in the organization. we could point the need to incorporate new sub-processes or activities based in the COBIT framework. The modeling of the current situation allows the identification of opportunities for process improvement. phase 2 begins with As-Is process modeling. Stage 11: Design or redesign of each sub-process At this stage the processes based on COBIT should be redesigned according to the characteristics of the organization. Stages 10 and 11 correspond to the proposed improvements to the AS-IS process. Redesign based on the assessment and Document the To-Be process. L. García Ávila. showing how to relate those sub-processes connected by their inputs and outputs. we design the To-Be process. From the diagnosis made we could point the deficiencies that might exist in the structure of the current process. Stage 12: Design of To-Be process Once each sub-process is redefined.br . RACI Chart (Responsibility. Consulted.May/Aug 2013. Brazil Vol. F. which are not covered in the COBIT framework.usp. The design of the new additional processes is required. Stage 8: Proposal for corrective.2. goals and metrics of the process. pp. preventive and / or improvement actions. otherwise it goes to stage 10.228 Pérez Lorences. JISTEM. P.2 Phase 2: Design of the IT governance process The design phase has been formed under the approach of Business Process Management (BPM). preventive and / or improvement actions Once made. the report prepared by the team may indicate the need for corrective. P.jistem. The analysis of the current state of IT governance in the organization was realized in the previous phase. so in case there is a defined IT process in the organization. 3. At this stage we proceed to develop the proposal for such actions. Also. 219-234 www.fea. We recommend using BPMN for business process modeling. Evaluation and approval of the designed process. The steps in this stage are: Modeling the To-Be process. The elements to consider are: overview of sub-process. the IT governance diagnosis. 10. inputs and outputs of sub-process. description of subprocess activities.

IT process control does not require that this has been fully implemented.usp. Stage15: Control of sub-processes At this stage it is proposed to calculate the KPI (Key Performance Indicators) during the performance of a subprocess and KGI (Key Goals Indicators) after implemented. which may involve a return to earlier stages in terms of results. This design and the proposed indicators should be adapted by the organization in terms of the IT process designed.2. To control the overall performance of IT governance in the organization. pp. we also propose to determine the IT Governance Level indicator proposed in the first stage. process monitoring and taking actions to achieve goals. an implementation plan should be established. This plan includes the actions to be taken into consideration to ensure the transition from the As-Is process to the To-Be process. with the IT process implementation. KGIs define measurements to inform if an IT process reached its business requirements. allowing you to make decisions during the implementation phase and maintain a control and monitoring system to ensure the successful completion of the actions provided. Stage 16: Management control Tool. Brazil Vol. internal communications.The evaluation and improvement of IT governance 229 3. In the implementation. it can be carried out independently by each sub-process. The preparation and training of managers and staff of the organization through training programs focused on developing knowledge and skills in IT governance can be useful at this time. We propose a generic design based on IT BSC (W. KPIs allow determining how well the IT process is performing to achieve the goal. 2000) . This commitment must be tangible through active participation. analyzing its behavior with respect to the state it was before implementing the improvements in the organization. it is of utmost importance to ensure the commitment of top management to achieve successful results. we proceed to gradually implement sub-processes.4 Phase 4: Control This phase focuses on evaluating and controlling the behavior of the IT governance in the organization. This phase constitute the "motor" of continuous improvement for the procedure.3 Phase 3: Implementation Stage 13: Develop an implementation plan To ensure the successful performance of the designed process. JISTEM.jistem. indicating whether it is feasible to achieve a goal or not. to determine if they achieve their objective. No.br . The plan also defines the priorities that order the implementation of sub-processes. at this stage. 3. Van Grembergen. 10. resource allocation. based on its importance for the enterprise.May/Aug 2013. their interests and special characteristics. IT balanced scorecard has also been designed. IT BSC As a tool for management control at this stage we proposed to design a balanced scorecard for IT. Stage 14: Gradual implementation of sub-processes From the priorities identified in the implementation plan. 219-234 www. willingness to change.fea.

We consider achieving a balance between the enterprise selected. To achieve the necessary improvements. P.87% to 44. this analysis can include the return to phases 2 or 3 of the procedure for the redesign of the process. 10.May/Aug 2013.fea. 4 RESULTS The application of the procedure in four case studies lets us verify their implementation feasibility as effective methodological instruments to. JISTEM. first of all. García Ávila. L. assess the IT governance in these enterprises focusing on the main problems. depending on the deficiencies identified in its initial design or its implementation. once the IT process is implemented. could have influenced these results. Stage 17: IT Process Evaluation 17. its performance will need to be reviewed periodically. F. The IT governance improvement is evident in the elevation of the indicator to evaluate the level of IT Governance since 25. Also to be considered external events that. Brazil Vol. If the return is not necessary.jistem. 219-234 www. during the period considered for assessment. resulting from a considerable improvement in all domains as shown in figure 5 (red color represent the early assess).1 Recalculation of the IT Governance Level indicator The recalculation of the indicator allows a comparison of the behavior results of the current situation.81%. depending on the characteristics of the organization and changes that might be generated internally or externally. in which case we will proceed to improve it. If the organization's performance has not evolved positively.usp. No.230 Pérez Lorences.2 Situation analysis If the proposed process is suitable for IT governance in the organization and has led to tangible improvements. In this article we presented a synthesis of the results in one software development enterprise and the global analysis for the rest. including two software development enterprises and two commercial enterprises. The analysis might reveal problems in the implementation of the process or its design. 17. pp. P. The return to stage 2 could be necessary. The application of the procedure in this enterprise allows the design and implementation of a new IT governance process according to their peculiarities. 3. and in second place to determine improvement opportunities that contribute to IT-Business alignment and risk management. we must analyze the causes.br . we continue with the implementation and consolidation of IT process in the organization.2. This check allows to verify the effectiveness of the proposed process and establishes the relevant improvements if necessary.17 Proposing improvements After the situation analysis we proceed to the proposal of measures contributing to the continuous improvement.

Graphical representation of results. The design and implementation phases. by other similar organizations. The flexibility of their instruments was demonstrated. The analysis proves that a lack of adequate IT governance exists. These results are showed in (Pérez Lorences. using control radars. monitor and improve IT Governance in an organization. their business on information technologies. The structure and content of the phases proposed ensure the cycle of continuous improvement for IT governance. the approach of process maturity. trading companies. Brazil Vol. The IT BSC design includes four perspectives. demonstrated its applicability to entities with different characteristics. we presented a new general procedure to analyze. the principles of Business Process Management and IT Balance Scorecard. considering employee satisfaction. The calculi of the indicator to evaluate the level of IT Governance showed all case studies´ results under the 40%. The successful application of the procedure in the companies studied. In the other enterprises the first stage was finalized. Similarly.fea. No. both in software companies. expression of best practices in the IT governance field. identifying the problems and the improvement actions recommended. The inclusion of a control phase is vital to ensure continuous improvement.2. 2010). This was demonstrated when methodological tools of the evaluation phase were applied to the software case studies. to guarantee the proactively in the monitoring of IT governance at the enterprise. both traders. based on business requirements. 219-234 www. guide the construction of the IT governance process as a central proposal for improvement.br .May/Aug 2013. 5. The procedure considers the alignment between business processes and IT resources. thus allowing a comprehensive assessment of IT governance in the organization. this phase JISTEM. being evidenced adequate operational flexibility.The evaluation and improvement of IT governance 231 Fig. to ensure the flexibility of its application. which support to a greater or lesser extent. IT risk management. 10. pp. denoting a low level and the existence of several problems primarily in the Plan an Organize and Monitor and Evaluate domains. All this is complemented by the COBIT framework. it was found in the case of the other two companies under study. 5 CONCLUSION In this paper. based on the assessment and best practices. making them desirable in principle. evaluate.usp. It was selected a set of metrics balancing key performance indicators and key goals indicators. The ability to select the control objectives to be evaluated and to determine the relative importance they have on the company to obtain an assessment of their level of management. The evaluation phase integrates the best practices of the COBIT framework with tools of IT resources alignment and risk management.jistem.

(2004). 160-179. Hemel Hempstead: Prentice Hall International. International Journal of Accounting Information Systems. 8(2). Dow. O papel da tecnologia da informação (TI) na estratégia das organizações.... K. & Lin. pp. J. Cuba. (2009). C. Modelo conceptual y procedimientos de apoyo a la toma de decisiones para potenciar la función de Gestión Tecnológica y de la Innovación en la empresa manufacturera cubana. (2001). An empirical study of relationship between IT investment and firm performance: a resource-based perspective. W.itil-officialsite. & Rabechini Junior. 154-174. ITIL v. COBIT 4. ITGI. 169-196. (2007). S. 461-478. F. ITGI. 219-234 www. Caravalho. . & Richardson. B. The Essence of Information Systems. M..-M. Dehning. J. contextual factors and the volatility of firm performance. (2008). P. G. E. (2002). http://www. Information technology and organizational slack. Global Status Report on the Governance of EnterpriseIT: IT Governance Institute. B..br . (2006). http://www. REFERENCES Bharadwaj. International Journal of Accounting Information Systems. Bulchand-Gidumal. Commerce.. 9(3). UCLV. ISO/IEC 27000: Information technology -. K.2.htm?csnumber=56891. T. S. : IT Governance Institute.fea. 984-999. management. (2011). 51-63. Maximizing the positive influence of IT for improving organizational performance. S. B. Gestão e Produção.. Indicadores de Alineamiento entre Procesos de Negocios y Sistemas Informáticos. Kobelsky. Brito Viñas.. Villa Clara. Hunter. (2011). balancing goal and performance indicators that ensure proactive improvement actions. ISO.-M. & Bytheway. J.. (1991). No.usp. T. S. ITGI. 20(4). allows the monitoring.1 Control Objectives for Information and related Technology.. C.232 Pérez Lorences. C. B. Laurindo. & Stratopoulos. Brazil Vol. García Ávila. Ou. (2012). V.. Chen.-S.org/iso/catalogue_detail?csnumber=51986. An empirical investigation. ISO.May/Aug 2013.Service http://www.. (2011). 24(1)..Security techniques -Information security management systems.org/iso/home/store/catalogue_tc/catalogue_detail. (2011). 10. o.: IT Governance Institute.com/. MIS Quarterly. Shimizu. Information Technology Infrastructure Library. The Journal of Strategic Information Systems. P.jistem. A resource-based perspective on information technology capability and firm performance. Jiménez Quintana. Edwards. (2000). 5(1). & Melián-González. JISTEM. (2000). A. European Journal of Operational Research. M. Universidad de Concepción. Information technology. L. F.3. O..iso. IT Governance Global Status Report 2008.iso. R. Huan. ISO 20000: Information technology -.

. Standardization. The Strategic Management of Technology. A. 612624.A. D. International Journal of Accounting Information Systems. Um estudo empírico do impacto da governança de TI no desempenho organizacional. & Oliveira Júnior. Journal of Information Systems and Technology Management. 568-582. 11(3). Mendes Borini. Cuba. 37-80). & Heales. O.. 214-332. R. Producao. Neirotti. W..The evaluation and improvement of IT governance 233 Little. V. J. United States of America and United Kingdom: Idea Group Publishing. Boston. 10. (2004). & J. Masli. Peter. United States of America and United Kingdom: Idea Group Publishing. Van Bon.S. Sanchez. International Journal of Accounting Information Systems. 11(4). MA: Harvard Business School Press. Becker. 99-128). M.jistem. R. J. Prasad. Richardson. A. A..2. (2010). & Smith. Pérez Lorences. & P. E. L. MacFarlan. Illinois: Richard D. P. & macKenney.May/Aug 2013. (2010). Massachussets. W. 44(6). 335-352.. J. C... Information Systems Control. 22(3). On IT and business value in developing countries: A complementarities-based approach. Returns to IT excellence: Evidence from financial performance around information technology excellence awards. (2007). R. The Balanced Scorecard and IT Governance. (2011). I. (1981). Luftman.. (2010). 314-335. UPGRADE The European Journal for the Informatics Professional. Corporate Information Systems Management. 2. 7(2). Integration Strategies and Tactics for Information Technology Governance Strategies for Information Technology Governance (pp. This is NOT IT Governance. Heales. Brazil Vol. P. 219-234 www. 15(2). C. F. & Paolucci. The influence of technology on the performance of Brazilian call centers. Van Grembergen. accessed 1February 2011. Irwin Inc. www. JISTEM. G.. (2004). Assessing the strategic value of Information Technology: An analysis on the insurance sector. P. J. U. Un estudio transversal sobre la contribución de las tecnologías de la información al éxito empresarial. Cambridge. Assessing Business-IT Alignment Maturity Strategies for Information Technology Governance (pp.. J..fea. Homewood. 61-78. J. Procedimiento para evaluar y mejorar la gestión de tecnologías de la información en empresas cubanas. (2012). Revista Europea de Dirección y Economía de la Empresa.iso. (1983).. pp. & Macada. G. Universidad Central Marta Abreu de Las Villas. J. Peterson. Villa Clara. A capabilities-based approach to obtaining a deeper understanding of information technology governance effectiveness: evidence from IT steering committees. No. Roberto Giao. J. 189-205. f. (2010). A. . L. Prasad. IT governance: how top performers manage IT decision rights for superior results. G. M.org. International Journal of Accounting Information Systems. (2004). M. Lunardi. W.. E.usp. R. 9(1). F. (2000). 5-13. Corporate Governance of Information Technology. Information & Management. 12(3). (2008). d. (2006). ISO 38 500. Piñeiro Sánchez. (2008).br . A.

Van Grembergen. L. 11(4).234 Pérez Lorences. New York: Springer Science + Business Media. (2009). JISTEM. & Guldentops. P.May/Aug 2013.br . Liu. L. S. García Ávila.. H.jistem.fea. C. & De Haes. S.. F. The influence of firm specific context on realizing information technology business value in manufacturing industry.. & Chan. 353-362.2. Yao. (2004). J. (2010). De Haes. Brazil Vol. 1-36). S. 10. 219-234 www. Structures. E.. United States of America and United Kingdom: Idea Group Publishing. Van Grembergen. W.. Processes and Relational Mechanisms for IT Governance Strategies for Information Technology Governance (pp. pp. Enterprise Governance of Information Technology.usp. P. No. W. International Journal of Accounting Information Systems. Achieving Strategic Alignment and Value.